From b3a22d90495561baec558bf619a93fe0f94be58a Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Mon, 4 Nov 2024 15:30:48 +0100
Subject: [PATCH] [ipa/server] Add logrotate config for krb5kdc

The log files for krb5kdc had around 1 GB each on ipa01.stg. To prevent this in
future let us replace the original config with one that is compressing the old logs.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
---
 roles/ipa/server/files/logrotate_krb5kdc | 10 ++++++++++
 roles/ipa/server/tasks/main.yml          |  6 ++++++
 2 files changed, 16 insertions(+)
 create mode 100644 roles/ipa/server/files/logrotate_krb5kdc

diff --git a/roles/ipa/server/files/logrotate_krb5kdc b/roles/ipa/server/files/logrotate_krb5kdc
new file mode 100644
index 0000000000..3d9fd6b27b
--- /dev/null
+++ b/roles/ipa/server/files/logrotate_krb5kdc
@@ -0,0 +1,10 @@
+var/log/krb5kdc.log {
+    missingok
+    notifempty
+    monthly
+    rotate 12
+    compress
+    postrotate
+        systemctl reload krb5kdc.service || true
+    endscript
+}
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index b04a3e2f40..d57d48e9d7 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -613,6 +613,12 @@
   - config
   - krb5
 
+- name: Copy the new krb5 logrotate config
+  ansible.builtin.copy:
+    src: logrotate_krb5kdc
+    dest: /etc/logrotate.d/krb5kdc
+    mode: '0644'
+    backup: yes
 
 - import_tasks: scripts.yml